With this Notice MON MASSAGUE di Massagué Flaqué Montserrat, with registered office in via Montini no. 2, 35122 Padova (Italia), Italian Tax Code MSSMTS73A44Z131Y, VAT Number 08029611004, owner of the websites www.monmassague.com and www.monmassague.it, informs you about the purposes and methods of processing your personal data and about the rights recognized by Regulation (EU) 2016/679 on the protection and free movement of personal data ("General Data Protection Regulation" or "GDPR") and by Italian Legislative Decree 196/2003.
The data controller is MON MASSAGUE di Massagué Flaqué Montserrat, with registered office in via Montini no. 2, 35122 Padova (Italia), Italian Tax Code MSSMTS73A44Z131Y, VAT Number 08029611004 ("Controller").
You can contact the Controller at the following e-mail address: email@example.com
PERSONAL DATA PROCESSED
Contact and payment details
If spontaneously provided, the Controller will process your contact details (e.g. e-mail and delivery address), choice of products (e.g. model, size) and payment (e.g. bank details) to give effect to:
- The sale of products on the Website (and related activities);
- Your requests for information on the products offered by the Controller.
The computer systems and computer programs used to operate the Website collect some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by users who connect to the Website, the URI – Uniform Resource Identifier – addresses of the requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code about the status of the response made by the server – successful, error, etc. – and other parameters relating to the operating system and the user's IT environment). Although this is information that is not collected to be associated with identified data subjects, by their nature they could, through processing and association with data held by third parties, allow the data subjects to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website: except for this possibility, the data on web contacts do not currently persist for more than 365 days.
In some cases, personal data are collected by the Controller with the use of various technologies, including that of "cookies". Cookies consist of a series of data that a website sends to a "browser" (which could be your browser). This information can then be stored on your computer (including your computer) via a tag that identifies the computer but not the user.
PURPOSE OF THE PROCESSING ACTIVITY AND LEGAL BASIS
Performance of a contract
The processing is necessary in order to execute the contractual relationship and to carry out all the necessary actions (order confirmation, payment management, shipping, pre- and post-sales assistance); as well as for the administrative obligations related to the above.
The legal basis for the processing of your data are, therefore, the performance of the contract with you, pursuant to article 6, first paragraph, letter b), of the GDPR; as well as compliance with a legal obligation, pursuant to article 6, first paragraph, letter c), of the GDPR.
Management of your requests
The processing is necessary in order to browse the Website and to answer to specific requests such as, by way of example and not limited to, sending technical information on the products and services offered by the Controller.
The legal base for the processing of your data is the fulfillment of your request, pursuant to Article 6, first paragraph, letter b), of the GDPR.
The processing is necessary for the correct management and functioning of the Website.
The legal basis for data processing is the legitimate interest of the Controller, pursuant to art. 6, first paragraph, letter f), of the GDPR.
NATURE OF THE PROCESSING ACTIVITY AND CONSEQUENCES OF REFUSAL
The processing of your personal data is a necessary requirement for (i) the completion and correct execution and management of the contractual relationship and / or (ii) the management of your request; therefore your refusal to provide personal data from time to time expressly indicated as mandatory prevent the Controller from performing the above.
HOW PERSONAL DATA ARE PROCESSED
The processing of your personal data will take place, in compliance with the provisions of the GDPR, using IT tools, for the purposes indicated and, in any case, with methods suitable for guaranteeing their security and confidentiality in accordance with the provisions of article 32 of the GDPR. The Controller does not use automated decision-making processes and does not carry out profiling activities.
DATA RETENTION PERIOD
For the pursuit of the purposes described in point 2 above, your data could be communicated to employees, collaborators and, in general, to the staff of the Controller, who will operate as persons authorized to process personal data, specifically appointed.
Furthermore, your data may be transferred to and processed by the following third parties:
- logistics / transport service providers for the execution of the contractual relationship;
- credit and insurance institutions for the management of payments;
- legal, tax and accounting consultants for the management of the relationship or legal obligations;
- authorities and public administrations to fulfill legal obligations or ascertain, exercise or defend a right in a judicial or administrative setting;
- arbitrators, mediators, technical consultants and other subjects who may be involved in the prevention or resolution of disputes in relation to the management of the relationship;
- other service providers in relation to the management of the relationship.
The subjects belonging to the categories listed above will operate, in some cases, as separate data controllers, in other cases, as data processors specifically appointed by the Controller pursuant to article 28 of the GDPR. At any time, you can request the list of data processors by contacting the Controller at the addresses indicated in the previous point 1. Your data will not be disclosed to the public.
Your personal data will not be spread among the public or transmitted to subjects outside the European Union.
PERIOD OF CONSERVATION OF YOUR PERSONAL DATA
The Data Controller will process your personal data, for the purposes indicated above, for the time necessary to manage your request and to fulfill any obligation imposed by laws or regulations, European or of a Member State of the European Union.
Without prejudice to the above, in the event of execution of a contractual relationship, your personal data will be kept by the Controller for a period of 10 years from the completion of the relationship and subsequently destroyed.
YOUR RIGHTS AS INTERESTED PARTY
With regard to the processing activities mentioned in this information, you can exercise the rights listed in this section, as enshrined in articles 15 to 21 of the GDPR. In particular:
- Diritto di accesso – articolo 15 del GDPR: ottenere conferma che sia o meno in corso un trattamento di Suoi dati e, in tal caso, ricevere informazioni relativamente a, tra le altre: finalità del trattamento, categorie di dati trattati e periodo di conservazione, destinatari cui questi possono essere comunicati.
- Right of access – article 15 of the GDPR: to obtain confirmation of whether or not your personal data are being processed and, in such case, receive information regarding: purposes of the processing, categories of data processed and retention period, recipients to whom these can be communicated, etc.
- Right to rectification – article 16 of the GDPR: to obtain, without undue delay, the rectification of your data, if incorrect, or the integration of incomplete ones.
- Right to erasure - article 17 of the GDPR: to obtain, without undue delay, the erasure of your personal data in the cases provided for by the same article.
- data in the cases provided for by the same article. Right to restrict the processing activity – article 18 of the GDPR: to obtain the restriction of the processing activities in the cases provided for by the same article.
- Right to data portability – article 20 of the GDPR: to receive, in a structured, commonly used and machine-readable format, your personal data and obtain that they are transmitted to another controller without hindrance, in the cases provided for by the same article.
- Complaints – lodge a complaint to the Italian Data Protection Supervisory Authority, using one of the following contact details: Piazza Venezia, 11 - 00187 Rome; Certified Email: firstname.lastname@example.org (see the website www.garanteprivacy.it/home/diritti for further information on how to lodge a complaint); or to the Data Protection Supervisory Authority of your usual residence, workplace or place of the alleged infringement. You can find a list of references from the Data Protection Supervisory Authorities of EU Member States at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The above-mentioned rights can be exercised by contacting the Controller at the addresses indicated in preceding article 1. Please note that the Controller may verify your identity before proceeding with your request.